Re: http_port vs https_port (Alex Rousskov)

Gordon Hsiao <capcoding@xxxxxxxxx> · Wed, 27 Jun 2018 18:04:36 -0500

Date: Wed, 27 Jun 2018 11:55:29 -0500

From: Gordon Hsiao <capcoding@xxxxxxxxx>

To: squid-users@xxxxxxxxxxxxxxxxxxxxx

Subject:  http_port vs https_port

Message-ID:

        <CAK0iFYxX6_jYmE1HDsdSvoOf5_pbMEVoaTaVnbzH56ULjNi9NQ@xxxxxxxxxxxxxx>

Content-Type: text/plain; charset="utf-8"

Reading all the cfg options in Squid 3.5 I noticed http_port has lots of

SSL related options(which it should not), plus https_port is referring to

http_port for those options, should http_port have nothing to do with

ssl-specific options and those ssl-options could be better moved to

https_port section instead?

http://www.squid-cache.org/Versions/v3/3.5/cfgman/http_port.html

http://www.squid-cache.org/Versions/v3/3.5/cfgman/https_port.html

Gordon

-------------- next part --------------

An HTML attachment was scrubbed...

URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180627/53c8530f/attachment-0001.html>

------------------------------

Message: 4

Date: Wed, 27 Jun 2018 11:23:22 -0600

From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>

To: Gordon Hsiao <capcoding@xxxxxxxxx>,

        squid-users@xxxxxxxxxxxxxxxxxxxxx

Subject: Re:  http_port vs https_port

Message-ID:

        <ac390312-1c93-627f-fb9a-5b2ff6a564f5@xxxxxxxxxxxxxxxxxxxxxxx>

Content-Type: text/plain; charset=utf-8

On 06/27/2018 10:55 AM, Gordon Hsiao wrote:

> Reading all the cfg options in Squid 3.5 I noticed http_port has lots of

> SSL related options(which it should not), plus https_port is referring

> to http_port for those options, should http_port have nothing to do with

> ssl-specific options and those ssl-options could be better moved to

> https_port section instead?

http_port uses SSL options when bumping HTTP CONNECT tunnels.

Alex.

 Keep reading http_port vs https_port here...

1. http_port does not require openssl, https_port does, however http_port can do ssl-bump so I would think http_port is conditionally depending on openssl
2. reading cfgman v3.5 page I could not really tell their difference when openssl/ssl-bump is involved, it seems http_port is a superset of https_port and they behave the same when ssl-bump(splice or bump) is to be used.

Since http_port (--with-openssl) seems can do everything https_port can do, why do we have https_port at all? in which circumstances I must use https_port?

Thanks,
Gordon
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users